-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3087-1                   security@debian.org
http://www.debian.org/security/                      Salvatore Bonaccorso
December 04, 2014                      http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : qemu
CVE ID         : CVE-2014-8106

Paolo Bonzini of Red Hat discovered that the blit region checks were
insufficient in the Cirrus VGA emulator in qemu, a fast processor
emulator. A privileged guest user could use this flaw to write into qemu
address space on the host, potentially escalating their privileges to
those of the qemu host process.

For the stable distribution (wheezy), this problem has been fixed in
version 1.1.2+dfsg-6a+deb7u6.

We recommend that you upgrade your qemu packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCgAGBQJUgGL2AAoJEAVMuPMTQ89EDIAP/0TuKIFV4hwqTNeFhKVBBbm5
ZM3Oy95iCL2hsRl9YqQg4YPrZ4RP5HJI6NYDsA5+kuQCuSENl1kE4X/37CKo0g5I
Dd6sUnZymir+6TIBz3cpwQlRoeaYH8lKU1V+laofbcseUu/3EVjMnBviY/lM47FP
PRNkZKf0SABuyoh59BcjVCbeLoNmymYEEYS0l9XrRWI1tYyQx311wJylPLh63ZB4
ArpkvQJhYz8gOmpabAkoQF668lxFoyejHVfFXYWv71nqeGD0/AxNKrM1YF7SChhX
pAXgzu+AF0Zg6Ydk9cRXNMJhuR86EjwohUzt5zmBoPwnH8W+g2Kxk9C6uNfhqQzk
oooGYgixIpJKLwqRwGPPmDhBX9tKhLYbL9WHNHUo2m8pPQIZfFSHh4l6iQrXImkB
IxN/mMym4elkCUsHAhUCMJIXw3mhUimYZOHKKTk/ydCTFDjg7I/dH+FzJ0d2Oyp/
Rhksn0PyTWNI7yOpUOV5BiHyreLJd5VAbTlQvfJ6Nb30ybbTU00jllol9v6tUz7I
Uv4LzgPI1rp4s8tjfS4AiJZQc1NMbf/fT0EPyeuzY/ef8ph71eccO4vkD8gvv2iG
nGOWNLLopuLAEjS+Flg4FInenNBXxC1m/tYLaTP2dukX0xqPvUQX3fCVIfS3qd15
B49r56dZcgZVzKzI8Zix
=uUu3
-----END PGP SIGNATURE-----